Support » Plugin: Login Lockdown - Protect Login Form » good features!!

  • Resolved selnomeria

    (@selnomeria)


    Hi.
    Its good, if you add this several good features:

    1) A textarea, where i can completely disable wp-login.php access to all IP’s, except the WHITELISTED ip addresses.
    for example,in textarea i can enter like:

    <textarea>
    149.29.30.94 (its Mike)
    100.239.43.35 (george, the editor),
    </textarea>

    and etc…
    and there should be “ON/OFF” below the texatera. if user clicks ON, and in the list his IP is not found, then he should get a javascript alert (“HEY, your ip is XXX.XXX.XX.XX, so add yourself too!”)

    then, the plugin should check, whenever wp-login.php is accessed, if the visitor’s IP is not mentioned in any of the above lines, then disable login screen, and just show the visitor his IP address with the message – “Your IP is XXX.XXX.XX.XX, ask admin to add this ip into WHITELIST”.(thats because, that not all users are experienced, so, they not everyone knows even, what it IP and how to find out their IP)

    (i dont know what logic should be used, but maybe this does the job:

    <Files wp-login.php>
    order deny,allow
    Deny from all
    allow from xx.xxx.xx.xx
    </Files>

    2) Make a database table (like other LOGIN TRACK plugins), where will be saved each login, with username, date and IP. so, the plugin should have a separate page to view those tracks.

    3) its good if you add option to edit .htaccess file. I mean, that (like iThemes security or etc), you will make user to ON/OFF the following option:
    – Disable hotlinking of Images from other servers.

    using

    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]

    if you will do them, i think it will be very good. also, if you add the

    https://wordpress.org/plugins/login-lockdown/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter selnomeria

    (@selnomeria)

    hm..
    plugin doesnt work at all. I have activated, but when i try to trigger “fake logins”, more than 10 times i tried from another browser, but i was not blocked…

    @selnomeria – I am not going to add anything about hotlinking in to Login LockDown, that makes no sense for this plugin. I do have some features I will be adding in the next version, whitelisiting is one possibility.

    As far as not locking out “fake logins”, unless you specificly tell it to lock out invalid usernames it doesn’t bother. Usernames that don’t exist will never guess a correct password anyway, so they will never be able to access your site. There is an option to mask the login error, so they won’t know that it is an invalid username, but those do not get logged to the database unless you enable that option.

    -Michael

    Thread Starter selnomeria

    (@selnomeria)

    I have updated – https://wordpress.org/plugins/login-tracker-logs/ (i am author of it)
    IT will be very useful, if you integrate that plugins functions into yours.. !!
    also, i like:
    https://wordpress.org/support/plugin/bruteprotect
    http://wordpress.org/support/plugin/login-protection
    and i might redirect my plugin to yours.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘good features!!’ is closed to new replies.